Internet Programming. Security

(1)

Internet Programming

(2)

(3)

3

Spyros Voulgaris - Vrije Universiteit

Internet Programming - Period 1 17/10/2015

Security Issues in Internet Applications



_{A distributed application can run inside a LAN}

 _{Only a few users have access to the application}

 _{Network infrastructures are handled by one organization}  _{Security is not a huge threat (in general)}



_{When you deploy an application over the Internet}

 _{You cannot control who your users are}

 _{You cannot control the network infrastructures}  _{There may be attacks to your application}

(4)

4

What is Security? [1/2]



_{Confidentiality}

 _{Prevent unauthorized disclosure of the information}  _{An attacker cannot “spy” on you}



_Integrity

 _{Prevent unauthorized modification of the information}  _{An attacker cannot modify your information}



_{Authentication}

 _{Prove your identity to the system}

 _{An attacker cannot pretend to be an authorized user} 

_{Authorization}

(5)

5

What is Security? [2/2]



_{Non Repudiation}

 _{To prevent false denial of a contract}

 _{A user cannot pretend he did not sign some statement}



_Auditing

 _{To securely record evidence of performed actions}



_Availability

 _{Guarantee access to the information}

 _{An attacker cannot prevent you from accessing your information}



_{Fault Tolerance}

(6)

(7)

7

Encryption / Decryption

 _{Encryption provides}_{confidentiality}

 _Symmetric _{key encryption (e.g., DES)}

 _The_{same key}_{is used for}_encryption _and_decryption  _{But how do you distribute the key to your partners?}

 _{You need to communicate over a secure channel!}  _{E.g., give it by hand, by post, by other means}

 _Asymmetric _{key encryption (e.g., RSA)}

 _{Keys are created in pairs}

 _{Public key}_{: You can announce it to everyone  Used to ENCRYPT}

 _{Private key}_{: You should keep it strictly for yourself  Used to DECRYPT}

 You encrypt your messages with the recipient’s public key

(8)

8

Digital Signatures

 _{Digital signatures provide}_integrity

 _{You attach a signature to each message}

 Only you can attach a correct signature to a message

 An attacker can modify the message but cannot forge a correct signature to pretend the message comes from you

 _{Digital signatures are usually realized by asymmetric keys}

 _{The same pairs of keys as for asymmetric encryption!}  You sign the message  Encrypt it with your private key

 The recipient can check the signature without knowing the secret key  _{It is}_{“impossible”}_(read:_{computationally infeasible}_{) to create a correct}

signature without knowing the secret key

 _{If you want both integrity and confidentiality,}_{use both encryption and}

(9)

9

Hash Functions



_{Hash functions}

_provide

_integrity

_{as well}



_{Hash functions are the same as signatures, but without a key}

 _{You compute a signature (or hash) of your message}

 _{You transmit it in a secure way}

 _{It is very hard to create another message whose hash will be the same}  _{Anyone can compute the hash of the received message and check}

whether it matches the expected value 

_{Example: md5}

$ md5sum slides.tex 05aa72cd3c0b238b6228e295fd203e73 slides.tex $ echo >> slides.tex $ md5sum slides.tex 185d85f4932265d68958c5e708f09c6f slides.tex $

(10)

10

Secure Protocols

 _{Basic security tools are not enough}

 How do you use them?

 How do you react when something happens?

 _{Secure protocols define how basic tools are used}

 _{They provide higher levels of security by merging the strengths of several} basic security tools

 They provide simple security mechanisms  _{The provide standards}

 _Examples:

 _PGP_{: Pretty Good Privacy}

 _{Encryption / decryption / signatures}

 SSL: Secure Socket Layer  SSH: Secure SHell

(11)

(12)

12

GPG



_{GPG: GNU Privacy Guard}



_{GPG is primarily meant for securing email}

 _{But you can also use it to encrypt / decrypt / sign any message}  _{It is a free alternative to PGP}

 _{It is available at http://www.gnupg.org/}



_{GPG allows you to}

 _{Create public/private key pairs}  _{Encrypt/decrypt messages}

(13)

13

GPG Usage



_{To create your own public/private key pair:}



_{You will be asked several questions: which kind of key you want,}

which size, which expiration date, a username, your email address,

etc.

 _{Unless you have a good reason to do so, keep the default values}



_{Then it will ask you a passphrase}

 _{Type any passphrase}

 _{Your private key will be encrypted with this passphrase before being} stored on disk

 _{GPG will ask you for your passphrase each time it needs to access your} private key

(14)

14

Disseminating your Public Key



_{You can give your public key to anyone}

 _{In particular, to anyone who may want to communicate with you using} GPG

 _{Never give your private key to anyone!}



_{You can get your public key with:}



_{You can import somebody else’s public key to your “keyring” with:}



_{You can list the keys contained in your keyring:}

gpg –-export –armor <Your_Name>

gpg –-import <filename>

(15)

15

Encryption / Decryption with GPG



_To

_encrypt

_{a file, you must specify the recipient of your message}

 _{The message will be encrypted with the recipient’s public key}

 _{Of course, the recipient’s public key must be in your keyring}



_To

_decrypt

_{a file}

 _{GPG will use your private key to decrypt a file sent to you}  _{So you will be asked to type your passphrase}

gpg –-encrypt –r <recipient> < <file_to_encrypt>

(16)

16

Signatures with GPG



_{To sign a message:}

 _{You will be asked for your passphrase}



_{To check a signature}



_{You can encrypt and sign a document}



_{To decrypt and check:}

gpg –-output <output_file> --clearsign <document>

gpg –-verify <document>

gpg –-armor –-sign –-encrypt –r [email protected] < document

(17)

17

Public Key Authentication Problem



_PROBLEM!

 _{How do you make sure a public key actually belongs to your partner?}  _{An attacker may create a key pair and tell you that the public key}

belongs to your partner

 _{He can then successfully intercept your messages to your partner}



_{PKI: Public Key Infrastructure}

 _Provides_{authentication}

(18)

18

Public Key Infrastructure



_A

_{Certification Authority (CA)}

_{authenticates public keys}

 _{Everybody trusts the CA}

 _{Everybody knows the public key of the CA}  _{The CA issues messages saying}

“I certify that key X belongs to person Y”

 _{The message is signed by the CA, so everybody can check that it has} been issued indeed by the CA

(19)

19

Public Key Infrastructure



_{Steps (1) and (2) are done only once!}



_{Clients check the validity of messages, without bothering the CA}

Client ---pubCA Server ---pubCA pubServer privServer CA ---pubCA privCA 5: OK, you are Server!

3: Who are you?

4:[“pubServer belongs to Server”]

signed by CA

2: [“pubServer belongs to Server”]

signed by CA

(20)

20

CA delegation



_{Often, one public authority is not enough}



_{You want}

_delegation

_{: I will be the new CA for cs.vu.nl}

 _{The “root CA” certifies the “local CA”}

 _{The “local CA” can issue certificates}



_{A key is authenticated if there is a}

_{chain of certifications}

_{from the}

(21)

(22)

22

SSL



_{SSL: Secure Socket Layer}



_{SSL is a communication protocol}

 _{It provides a higher layer of abstraction than normal sockets}

 Server authentication

 Client authentication

 Encryption

 _{Secure sockets}

 _{SSL uses normal sockets as a base, and adds lots of crypto to it}



_{There are many implementations of SSL}

 _{There is an open-source implementation: OpenSSL}  _{It is quite difficult to use!}

(23)

23

Bird-Eye View of OpenSSL

 _{You start by initializing SSL}

 Get yourself a key pair

 Get a CA’s certification for your key pair  Initialize the library

 Create an “SSL context”

 _{Load your key in the context, define the list of CAs that you trust}

 _{Create a normal TCP connection}

 _{Create an SSL connection (which uses the TCP connection)}

 Attach the SSL connection to the TCP connection

 A number of checks are realized (e.g., the server key must be certified)  Use the SSL connection to transfer data

(24)

24

stunnel: An SSL Tunnel



_{What if you want to use SSL with an existing application?}

 _stunnel _{allows you to use SSL without messing with the original code}  _{Available from http://www.stunnel.org/}



_{stunnel creates a daemon which}

_{converts regular TCP connections}

(25)

25

SSH tunnel



_{You can use ssh in a similar way:}

 _{-f: work in the background}

 _{-N: do Not execute a task, just establish a tunnel}  _{-L: the tunnel origin and destination address}